General Data Protection Regulation - HubSpot [PDF]

Your 10-minute guide to General Data Protection Regulation

Why was GDPR needed?

EU Data Protection Directive (Directive 95/46/EC) allowed individual member states to craft their own data protection laws, which led to a fragmented legal framework. Furthermore, the lack of any significant revision to the Directive since its adoption meant the laws were ill-suited to today’s advanced and dynamic business landscape.

Fragmented Laws: Hinder free flow of personal data, causing EU firms an annual administrative burden of close to 3 billion euros

Advancements In Technology: Such as location services, big data, cloud, social network, and search engines, call for much more data to be regulated as personal

Increased Globalization: Led to tremendous inorganic growth (e.g. M&A, outsourcing) but little consideration was given to increased cross-border data movement

Inadequate Enforcement: Meant that even significant infringements still resulted in small fines and liabilities

What is GDPR?

Set to replace the Directive 95/46/EC on 25th May 2018, GDPR is an EU-wide law that intends to harmonize and modernize the existing data protection rules, strengthen free flow of personal data and leverage individuals’ right to privacy, promote opportunities presented by the Digital Single Market. GDPR:

Applies to all companies worldwide, processing personal data of EU citizens

Broadens definition of personal data to include online identifiers and address possibility of the subject being singled out

Mandates DPO appointment for large scale data processors

Enforces stringent rules for international data transfers

Imposes fines of up to 20 million Euros or 4% of world-wide annual turnover

Necessitates breach notification to Supervisory Authority within 72 hours and in some cases, to data subjects

Entails data protection impact assessments prior to any risky processing operation

Requires privacy by design (and by default) in products, processes and systems

Benefits to Individuals

Greater control over personal data, including its collection (stronger consent rules) and deletion (right to erasure)

Data portability makes it easier for individuals to change service providers

Privacy-friendly default settings

Benefits to Companies

Single law, not the 28 state-specific interpretations

Level playing field between domestic and foreign companies

Data portability allows start-ups access to corporate-dominated markets

GDPR time line (how it happened)

1995: Directive 95/46/EC adopted by EU

2012: Draft of GDPR proposed

2015, Dec: Political consensus on final text

2016, Apr 27: GDPR became a law

2018, May 25: Compliance deadline for impacted companies

How to comply with GDPR?

9 steps to Compliance

1. Develop, employ or contract privacy experts

2. Appoint a Data Protection Officer

3. Understand data and data flows

4. Establish a process for data protection impact assessments

5. Update policies and procedures, develop KPIs

6. Implement controls and safeguards

7. Revisit vendor contracts and selection strategy

8. Monitor and oversee compliance

9. Promote trainings and increase awareness

Contact:

Mohit Manchanda (Global Head, Insurance Consulting) +44.7958.400.440

Prakhar Agrawal (Certified GDPR Practitioner) +44.7443.778.776

Wayne Reed (Vice President, Insurance) +44.7801.684.041

EXLservice.com

© 2017 ExlService Holdings, Inc. All Rights Reserved.
